The file /etc/sudoers, has the rules that users have to follow when using sudo command.

If you are (or was) running Ubuntu, you may know that by default the root account is not usable in Ubuntu, because it has no password, you may assign one and use it as in every other Linux, but that is another story. On normal Ubuntu Linux machines you need to use sudo command to perform operations as root.

I like that approach, and even though I am using Debian, I always give my account root rights, so I can run commands as root without changing to root.

Comics from XKCD

As you can see from this funny picture, using sudo makes your system reacts as if was another user who are given the order.

Two of the best advantages about using sudo are:

• Restringed privileges
• Logs of the actions done by users

Well but in order to use sudo we first need to configure the sudoers file.

Do not edit directly the file

To edit it, use the command

visudo

You will see a file more or less like this.

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL

As you can see there is basically one line

root ALL=(ALL) ALL

This lines means that the user root can execute from ALL terminals, acting as ALL (any) users, and run ALL (any) command.

So the first part is the user, the second is the terminal from where the user can use sudo, the third is as which user he may act, and the last one, is which commands he may run.

Let's see some other examples.

operator ALL= /sbin/poweroff

This makes that users operator can from any terminal, run the command poweroff.

You can also create aliases for: users -> User_Alias, run comands as other users -> Runas_Alias, host -> Host_Alias and command-> Cmnd_Alias

These are some examples:

User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm

As you can see the alias OPERATORS includes the users joe, mike and jude, the alias OP includes the users root and operator, alias OFNET includes the network 10.1.2.0 (all the C class), and the command alias PRINTING includes the commands lpc and lprm.

So a typical sudoers file may look like this.

 User_Alias     OPERATORS = joe, mike, jude
 Runas_Alias    OP = root, operator
 Host_Alias     OFNET = 10.1.2.0/255.255.255.0
 Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm

OPERATORS ALL=ALL

#The users in the OPERATORS group can run any command from any terminal.

linus ALL=(OP) ALL

# The user linus can run any command from any terminal as any user in the OP group (root or operator).

user2 OFNET=(ALL) ALL

# user user2 may run any command from any machine in the OFNET network, as any user.

user3 ALL= PRINTING

# user user3 may run lpc and lprm from any machine.

go2linux ALL=(ALL) ALL

# user go2linux may run any command from any machine acting as any user. (like Ubuntu)

You may want to read sudoers man page